JWT Authentication In Node.js
In modern web development, secure and efficient user authentication is essential. JSON Web Tokens (JWT) are a widely used solution for token-based authentication: a server issues a signed token carrying identity claims, and any party holding the verification key can check that those claims are authentic and unaltered without a database lookup on every request.
This article walks through implementing JWT authentication in a Node.js application step by step.
What is JWT?
JWT (JSON Web Token) is an open standard (RFC 7519) that defines a compact, self-contained way of transmitting claims between parties as a JSON object. The tokens are digitally signed, so a verifier can detect any change to their contents and confirm who issued them. Note what the signature does not do: a signed JWT is only base64url-encoded, not encrypted, so anyone who obtains the token can read the payload. Never put passwords, secrets or other confidential data in it.
How JWT Works
JWTs consist of three parts: the header, payload, and signature. The payload contains the user data, and the signature ensures that the token hasn't been altered. Implementing JWT in Node.js allows you to secure your APIs while maintaining scalability and efficiency.
1. Header
The header typically consists of two parts: the type of token (JWT) and the signing algorithm being used, such as HMAC SHA256 or RSA.
{
"alg": "HS256",
"typ": "JWT"
}
2. Payload
The payload contains the claims, which are statements about an entity (typically, the user) and additional data. There are three types of claims: registered, public, and private claims.
{
"sub": "1234567890",
"name": "Aman Gupta",
"admin": true
}
3. Signature
To create the signature, take the base64url-encoded header, a dot, and the base64url-encoded payload, and sign that string with the secret using the algorithm named in the header. For HS256:
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
secret)
Two consequences matter on the verifying side. First, the algorithm must be fixed by the server, not read from the token: a token whose header claims "alg": "none" or some other algorithm must be rejected, not verified the way it asks to be. Second, with HMAC the same secret both creates and checks signatures, so every service that can verify tokens can also forge them; if many services need to verify, an asymmetric algorithm such as RS256 or ES256 (private key signs, public key verifies) limits that exposure.
Steps To Implement JWT Authentication In Node.js
Step 1: Initialize the node application using the following command.
npm init -y
Step 2: Installing required packages
npm install express dotenv jsonwebtoken
- express: Web framework for Node.js.
- dotenv: Loads environment variables from a .env file.
- jsonwebtoken: Library to sign and verify JWTs.
Step 3: Create the configuration file (.env).
PORT = 5000
JWT_SECRET_KEY = gfg_jwt_secret_key
TOKEN_HEADER_KEY = gfg_token_header_key
The value shown for JWT_SECRET_KEY is a placeholder only. With HS256 the secret is the key that both signs and verifies, so anyone who knows or guesses it can mint tokens the server will accept. Use a long random value (for example 32 bytes from crypto.randomBytes, hex-encoded), use a different secret per environment, and keep .env out of version control.
Project Structure (screenshot not reproduced): package.json, .env and index.js in the project root.
Dependencies
"dependencies": {
"dotenv": "^16.4.5",
"express": "^4.19.2",
"jsonwebtoken": "^9.0.2"
}
Example: The file below issues a token on POST /user/generateToken and checks it on GET /user/validateToken. Compared with a minimal listing, the signing algorithm and an expiry are set explicitly, verification is pinned to HS256, a missing secret stops the server at startup, and verification failures return a generic message rather than the raw error object.
// Filename - index.js
const express = require('express');
const dotenv = require('dotenv');
const jwt = require('jsonwebtoken');

// Set up global configuration access
dotenv.config();

const app = express();
const PORT = process.env.PORT || 5000;
const jwtSecretKey = process.env.JWT_SECRET_KEY;
const tokenHeaderKey = process.env.TOKEN_HEADER_KEY;

// Refuse to start without a secret: an undefined secret makes jwt.sign throw
// on every request, and an empty or guessable one makes forgery trivial.
if (!jwtSecretKey || !tokenHeaderKey) {
    console.error('JWT_SECRET_KEY and TOKEN_HEADER_KEY must be set in .env');
    process.exit(1);
}

// Main Code Here //

// Generating JWT
app.post("/user/generateToken", (req, res) => {
    // Validate User Here (check the submitted credentials against your user store)
    // Then generate JWT Token
    const data = {
        time: Date(),
        userId: 12,
    };
    // Pin the algorithm and give the token a lifetime; without expiresIn a
    // leaked token stays valid until the secret is rotated.
    const token = jwt.sign(data, jwtSecretKey, { algorithm: 'HS256', expiresIn: '15m' });
    res.send(token);
});

// Verification of JWT
app.get("/user/validateToken", (req, res) => {
    // Tokens are generally passed in a request header rather than in the URL,
    // so they do not end up in server logs, browser history or Referer headers.
    // This article uses a custom header name taken from .env; the conventional
    // choice is Authorization: Bearer <token>.
    const token = req.header(tokenHeaderKey);
    if (!token) {
        return res.status(401).send("Access Denied");
    }
    try {
        // algorithms must be pinned here: never let the token's own header
        // decide how it is checked.
        jwt.verify(token, jwtSecretKey, { algorithms: ['HS256'] });
        return res.send("Successfully Verified");
    } catch (error) {
        // jwt.verify throws on a bad signature, an expired token or a malformed
        // token. Log the reason server-side and give the client a generic reply.
        console.warn(`Token rejected: ${error.message}`);
        return res.status(401).send("Access Denied");
    }
});

app.listen(PORT, () => {
    console.log(`Server is up and running on ${PORT} ...`);
});
To start the application, run the following command (the file above is index.js):
node index.js
Output
POST /user/generateToken returns the token as plain text, for example:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0aW1lIjoiTW9uIEphbiAxOCAyMDIxIDE2OjM2OjU3IEdNVCswNTMwIChJbmRpYSBTdGFuZGFyZCBUaW1lKSIsInVzZXJJZCI6MTIsImlhdCI6MTYxMDk2ODAxN30.QmWFjXhP6YtbzDAHlcE7mDMyXIdnTv1c9xOBCakNZ94
The middle segment is only base64url-encoded, not encrypted; it decodes to {"time":"Mon Jan 18 2021 16:36:57 GMT+0530 (India Standard Time)","userId":12,"iat":1610968017}, which anyone holding the token can read. This is why a JWT payload must never carry secrets.
GET /user/validateToken with that token in the header named by TOKEN_HEADER_KEY (gfg_token_header_key) responds:
Successfully Verified
A request with a missing, altered or expired token is rejected with HTTP 401.